Radio Frequency Identification (RFID) is an emerging technology with numerous applications, e.g. as smart labels or tags. RFID devices respectively RFID tags vary greatly in their cost and capabilities. At the low end, there are low-cost tags that are passive, getting their power from the reader, with limited computational, storage, and communication capabilities. Major applications of such tags are as replacements for barcodes being used for Electronic Product Codes (EPC) tags and as a track-and-trace tool to prevent product counterfeiting e.g. in the pharmaceuticals industry. Further, RFID tags are used in production and/or logistics in order to individually trace the treatment for each article to be produced. However, RFID tags have also applications at the consumer side, with the possibility to uniquely identify items in the home and support a number of home activities.
However, low-cost RFID tags present serious security problems. In some cases low-cost RFID devices can pose a privacy threat to its users. For example, if information that is on the tags is not protected from making the information available to unauthorized parties, such an unauthorized party can surreptitiously obtain information about the tagged items that a person is carrying. This information can then be used to track the person carrying the tagged items, find out information about his or her preferences, infer transactions happening between individuals, etc. For a detailed overview of threats and available solutions for the RFID privacy problem reference is made to the publication “S. L. Garfinkel, A. Juels, R. Pappu, RFID Privacy: An Overview of Problems and Proposed Solutions, IEEE Security and Privacy, 3(3), 34-43, May/June 2005”.
One standardized solution to prevent this type of threat in current systems is the so-called “kill-command” that permanently disables a tag. This type of solution is effective but has the big drawback of rendering RFID tags useless when applying such a kill-command e.g. after a point-of-sale terminal. In particular, an object with an embedded RFID tag cannot interact anymore or provide information to a legitimate user even if the user would desire it.
U.S. Pat. No. 6,970,070 discloses another solution for maintaining privacy in connection with RFID tags. This solution includes using a so-called blocker tag, which effectively acts as a wall between RFID tags carried by an individual and potentially unauthorized RFID readers. The blocker tag simulates the tags under its domain and interferes with the singulation protocol performed by the reader in order to identify the tag. Since the reader cannot identify the tag, the user's privacy is safeguarded.
US 2004/0222878 A1 discloses another approach towards preserving privacy in connection with the usage of RFID devices. This approach is based on the use of pseudonyms that are updated by a reader periodically and sent to the tag encrypted with a one-time pad.
The publication “S. A. Weis, S. E. Sarma, R. L. Rivest, D. W. Engels, Security and Privacy Aspects of Low-Cost Radio Frequency Identification Systems, International Conference on Security in Pervasive Computing, March 2003” discloses yet other solutions for preserving privacy in connection with the usage of RFID devices. These solutions involve the use of cryptographic primitives such as hash functions. However, such solutions would require additional resources that cheap RFID tags are not expected to have.
The publication “Bolotnyy, L. and Robins, G., Multi-Tag Radio Frequency Identification Systems, Proc. IEEE Workshop on Automated Identification Advanced Technologies, October, 2005, pp. 83-88” discloses the usage of multiple RFID tags for increasing the sensitivity of a multiple RFID tag system by increasing the overall voltage, which is induced in the multiple RFID tag system by a RFID reader. In particular if the different RFID tags are oriented in different directions with respect to the angle of incidence the expected voltage on the best-oriented RFID tag is increased significantly.
The publication “A. Juels, RFID Security and Privacy, A Research Survey, IEEE Journal on Selected Areas in Communications, 24(2) 381-394, February 2006” discloses a proposal for effacing unique identifiers in tags at the point of sale of a shop in order to address the tracking problem, but retaining product-type identifiers such as traditional barcode data for later use. It is suggested that consumer products may be equipped with relabel tags comprising new identifiers, but that old tag identifiers remain subject to reactivation for later public uses, like recycling. As a physical mechanism for realizing this idea, it is also proposed to explore the idea of splitting product-type identifiers and unique identifiers across two RFID tags. By peeling off one of these two tags, a consumer can reduce the granularity of tag data. This idea can be extended in that users can physically alter tags to limit their data emission and obtain physical confirmation of their changed state.
US 2005/0205678 A1 discloses a data carrier that has a dual interface unit with a contact interface as a second interface as well as an antenna. The disclosed RFID unit in the data carrier is connectable to an Internet-enabled personal computer via a standard interface such as for example a USB plug.
There may be a need for providing RFID devices with an extended functionality, such extended functionality compared to unprotected RFID devices, on the one hand allows to increase the privacy of a user and on the other hand does not cause an extensive increase with respect to complexity and costs of the RFID devices.